On 24/9/14 6:21 pm, A Mohan Rao wrote:
If u really a expert so then pls resolve bmy problem. I have do all the
things but still people can access blocked website in pfsense.
Sites like Facebook have thousands of servers across the world, split
across numerous netblocks and content delivery networks. You never will
be able to completely block them, at least not without spending hundreds
of man-hours keeping up to date with IP lists, DNS names, etc.
Then you have to consider the easy availability of proxies designed
specifically to allow people to access blocked sites.
And even assuming you are able to block them, many sites share their CDN
infrastructure (Akamai, Limelight Networks, to name just two big ones),
so you have to consider the dangers of overblocking inadvertently
preventing your users from accessing necessary sites who happen to use
the same CDN.
There just isn't a panacea in this.
You are trying to find a technical solution to a social/political problem.
If your management doesn't understand that getting you to spend hours
upon hours playing 'whack-a-mole' blocking each social networking
netblock isn't productive use of your time, then perhaps asking them to
provide a whitelist of sites that employees *can* access, then simply
blocking anything not on that list might be a more sensible way of going
about this.
On a personal note, I'd add that if your management are so determined to
prevent people having a few moments to keep up with their
friends/personal life, I'd have to question whether I really wanted to
work for them...
Kind regards,
Chris
--
This email is made from 100% recycled electrons
_______________________________________________
List mailing list
[email protected]
https://lists.pfsense.org/mailman/listinfo/list
